When making decisions based on risk mitigation factors, one must first understand the basic definitions of hard risks and soft risks and how both of these possible courses of decision-making can, once applied to a probabilistic analysis, be managed. Within the context of a risk register and the outcome of a probabilistic analysis, risk mitigation can occur as hard risks and soft risks can be understood in terms of the ultimate effect on an organization. This article seeks to provide working definitions of hard risks, soft risks, risk mitigation factors, and how these are applied using a risk register and probabilistic analysis.

Hard risks tend to have defining factors and a great deal of statistical and other data, particularly in terms of hard facts and other reliable measures, to help one make an informed decision. Furthermore, since there is much already known it is possible to take swift action to achieve a desired outcome. Despite the fact that hard risks have more data, they are still not always certain due to the variability of data as well as other issues of change, both due to the climate and situation of the risk. Soft risks, on the other hand are much harder to make decisions about as they tend to involve situations where the risk factors are unknown or otherwise difficult to determine and thus the course of action is difficult to decide. These generally take more planning and application of extensive risk management applications in order to weigh what is known against the majority that is not.

Risk mitigation can be handled in several ways so that a particular venture can be thought through completely with knowledge of the potential benefits versus possible drawbacks that exist. To accomplish this task of risk mitigation, data can be handled and more closely scrutinized by creating a risk register which lists all of the risks associated with a project or plan and predicts the outcomes. The risks on such a register have information about how the risk is faring based on outside criteria and as a result, it changes frequently. In short, this risk register allows one to examine thoroughly and in an organized format all of the potential risks and their associated possible outcomes and current level of activity in the plan. By outlining all of the possibilities in a manner that is easily made current to reflect change (which is one of the more difficult aspects involved in risk management techniques) It is important that the risk register is kept up to date as well because without detailed and current information the risk factors and their associated mitigation measures will not always be valid. These issues involved with a risk register are also apparent in other risk management applications such as probabilistic analysis due to a lack of “perfect” data that can always be relied upon.

Probabilistic analysis sets forth the projected outcomes for various risks and seeks to analyze these as a set of data to provide an answer about a planned course of action. One of the most significant limitations involved in probabilistic analysis is that of change and variation. In any given analysis, no matter how carefully the data has been gathered and assimilated, there is a margin of error due to change, both in terms of the situation and general environment, not to mention the possibility of unreliable or faulty data. Although this is the main limitation, it is linked to other problems that make this kind of risk management attempt not completely reliable. While it is, generally speaking, one of the best ways to get the most accurate picture possible in a risky venture, if this limitation and its associated variances is kept in mind any damage can be mitigated. '